|
247201
|
8.4 |
HIGH
Local
|
apcupsd
|
apc_ups_daemon
|
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by rep…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-7884
|
2024-11-21 12:32 |
2017-06-16 |
|
247202
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bu…
|
CWE-77
Command Injection
|
CVE-2017-7876
|
2024-11-21 12:32 |
2017-06-16 |
|
247203
|
7.5 |
HIGH
Network
|
qnap
|
qts
|
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-7629
|
2024-11-21 12:32 |
2017-06-16 |
|
247204
|
8.6 |
HIGH
Network
|
rockwellautomation
|
panelview_plus_6_700-1500_firmware
|
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.0…
|
CWE-862
Missing Authorization
|
CVE-2017-7914
|
2024-11-21 12:32 |
2017-06-15 |
|
247205
|
7.5 |
HIGH
Network
|
digital_canal_structural
|
wind_analysis
|
A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7910
|
2024-11-21 12:32 |
2017-06-15 |
|
247206
|
5.9 |
MEDIUM
Network
|
apache
|
ranger
|
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
|
CWE-862
Missing Authorization
|
CVE-2017-7677
|
2024-11-21 12:32 |
2017-06-15 |
|
247207
|
9.8 |
CRITICAL
Network
|
apache
|
ranger
|
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
|
CWE-20
Improper Input Validation
|
CVE-2017-7676
|
2024-11-21 12:32 |
2017-06-15 |
|
247208
|
7.5 |
HIGH
Network
|
apache
|
nifi
|
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
|
CWE-346
Origin Validation Error
|
CVE-2017-7667
|
2024-11-21 12:32 |
2017-06-13 |
|
247209
|
6.1 |
MEDIUM
Network
|
apache
|
nifi
|
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7665
|
2024-11-21 12:32 |
2017-06-13 |
|
247210
|
7.5 |
HIGH
Network
|
arm
|
arm_trusted_firmware
|
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug except…
|
CWE-20
Improper Input Validation
|
CVE-2017-7564
|
2024-11-21 12:32 |
2017-06-08 |